General
-
Target
b684434ec6cea2e4c4a139c41eba54efc9bea4575f7f09df8cf9daefb8339ef8.exe
-
Size
719KB
-
Sample
240518-lfchdadd67
-
MD5
635a01afa1e772848279a21b235d2039
-
SHA1
50f0b7e774a7b3a37b4ebba607211bb22e718747
-
SHA256
b684434ec6cea2e4c4a139c41eba54efc9bea4575f7f09df8cf9daefb8339ef8
-
SHA512
33488c9ec8945b7a35e385bf35521fc3668edd1d4c8e432453b68591834e8b3be99c3e2cc9b135c8becc264f74d91cfb0004a2a9fb9985be4ee7548fdb91ff6e
-
SSDEEP
12288:Wg0pei36R8HZuOQdflDntnyOUQJP5id5dkzKoFnpoaKUsAKr8FSMDb/DAVgDKD:Wjpp36wellDntnyODR00FnsAK6S0bEV
Static task
static1
Behavioral task
behavioral1
Sample
b684434ec6cea2e4c4a139c41eba54efc9bea4575f7f09df8cf9daefb8339ef8.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
b684434ec6cea2e4c4a139c41eba54efc9bea4575f7f09df8cf9daefb8339ef8.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
luyanzi.ac.ug - Port:
587 - Username:
[email protected] - Password:
info@lit!!! - Email To:
[email protected]
Targets
-
-
Target
b684434ec6cea2e4c4a139c41eba54efc9bea4575f7f09df8cf9daefb8339ef8.exe
-
Size
719KB
-
MD5
635a01afa1e772848279a21b235d2039
-
SHA1
50f0b7e774a7b3a37b4ebba607211bb22e718747
-
SHA256
b684434ec6cea2e4c4a139c41eba54efc9bea4575f7f09df8cf9daefb8339ef8
-
SHA512
33488c9ec8945b7a35e385bf35521fc3668edd1d4c8e432453b68591834e8b3be99c3e2cc9b135c8becc264f74d91cfb0004a2a9fb9985be4ee7548fdb91ff6e
-
SSDEEP
12288:Wg0pei36R8HZuOQdflDntnyOUQJP5id5dkzKoFnpoaKUsAKr8FSMDb/DAVgDKD:Wjpp36wellDntnyODR00FnsAK6S0bEV
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-